CVE-2006-6694

Directory traversal vulnerability in include/config.php in E-Uploader Pro 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a .. (dot dot) in the language parameter, as demonstrated by uploading a .JPG file containing PHP code, then accessing the file via config.php.
Configurations

Configuration 1 (hide)

cpe:2.3:a:scriptsfrenzy.com:e-uploader_pro:1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 00:23

Type Values Removed Values Added
References () http://secunia.com/advisories/22314 - () http://secunia.com/advisories/22314 -
References () http://www.rahim.webd.pl/exploity/Exploits/99.txt - Exploit () http://www.rahim.webd.pl/exploity/Exploits/99.txt - Exploit
References () http://www.securityfocus.com/bid/20481 - () http://www.securityfocus.com/bid/20481 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/29574 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/29574 -
References () https://www.exploit-db.com/exploits/2556 - () https://www.exploit-db.com/exploits/2556 -

Information

Published : 2006-12-21 21:28

Updated : 2025-04-09 00:30


NVD link : CVE-2006-6694

Mitre link : CVE-2006-6694

CVE.ORG link : CVE-2006-6694


JSON object : View

Products Affected

scriptsfrenzy.com

  • e-uploader_pro